Yii Framework Forum: Security in yii2 - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Security in yii2 Rate Topic: -----

#1 User is offline   ninjacyber 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 2
  • Joined: 18-April 12

Posted 09 November 2017 - 09:01 AM

dear all,

i have question from one of my clients about security in yii2, they have complaint about folder permission 777 in asset and runtime folder and denied to implement those settings

therefore, our project has been delayed due security reason

they demand explanation from official yii team about those configuration

can you help me out?
0

#2 User is offline   alrazi 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 1,546
  • Joined: 08-August 12
  • Location:Durban, South Africa

Posted 09 November 2017 - 09:38 AM

hi there,

Well yii does not require 777 permissions for assets and runtime it requires write permissions for assets and runtime dir. As for runtime directory that does not even have to be public, also same for the assets you can build your assets and move to public dir. It is not even yii related in general it depends how you deploy your app it could be a (php, laravel, java, c#) app.

hope that helps.
0

#3 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 5,225
  • Joined: 17-January 09
  • Location:Russia

Posted 09 November 2017 - 01:49 PM

As alrazi explained, Yii doesn't require 777 but write permissions for the PHP process.
Yii 2.0 Development Cookbook

Enjoying Yii? Star us at github

Support me so I can work more on Yii: https://www.patreon.com/samdark
0

#4 User is offline   ninjacyber 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 2
  • Joined: 18-April 12

Posted 09 November 2017 - 10:29 PM

thank All four your answer :)
0

#5 User is offline   JJBros 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 14
  • Joined: 27-November 17

Posted 27 November 2017 - 07:04 PM

Hello, this is a few days old, but id like to ask you a question:

Quote

hi there,

Well yii does not require 777 permissions for assets and runtime it requires write permissions for assets and runtime dir. As for runtime directory that does not even have to be public, also same for the assets you can build your assets and move to public dir. It is not even yii related in general it depends how you deploy your app it could be a (php, laravel, java, c#) app.

hope that helps.


What does this mean? I have them set to 775. Are you saying I can set them to 770? Or are you saying you can put them somewhere else? We are deploying the whole application to the server using code deploy, is this not the best method?
0

#6 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 5,225
  • Joined: 17-January 09
  • Location:Russia

Posted 29 November 2017 - 02:49 PM

It all depends on permissions of your code that deploys.
Yii 2.0 Development Cookbook

Enjoying Yii? Star us at github

Support me so I can work more on Yii: https://www.patreon.com/samdark
0

#7 User is offline   JJBros 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 14
  • Joined: 27-November 17

Posted 29 November 2017 - 05:31 PM

View Postsamdark, on 29 November 2017 - 02:49 PM, said:

It all depends on permissions of your code that deploys.


What is the preferred and more secure set up? I asked a similar question in my other post: (reply there I guess) http://www.yiiframew...post__p__314196
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users